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(54) DIGITAL MEASURING EQUIPMENT AND IMAGE MEASURING EQUIPMENT 

(57)Abstract: 

PROBLEM TO BE SOLVED: To obtain a digital 
measuring equipnnent capable of improving the 
reliability and proving ability in the contents of 
electronic digital data by providing a key generating 
means for generating a pair of public key and secret 
key to be used for the electronic signature of a public 
key enciphering system from a key generation 
algorithm. 

SOLUTION: This equipment has a RAM 12 to load 
various algorithms, secret key, sequence number and 
external certificate key or the like at need and an 
EEPROM 14 for storing the secret key, public key 
certificate, sequence number or external certificate 
key to be used for the electronic signature of the 

public key enciphering system. A CPU 19 acquires time data from a timer 18. stores them 
in the RAM 12. simultaneously acquires photographed image data from a CCD 20 and 
stores them in the RAM 12. Then, the stored image data are compressed. The sequence 
number is taken out of the EEPROM 1 3 and at the same time, a sequence number adding 
'V to that sequence number is stored in the EEPROM 13. 
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2 ] Miett-ifliJ-r- ^ 1 5«f L Ttijl2^i5^M^ffl 
[iS^S 5 ] < i: 1 owngR^iln— F^iK§ 



U T-'I/S^^r^tyiisR^ 6 — 9 cDV^-rn*HCfBKOiii^ 

V ^•rnAHclB«cDa»t1-SlJ«lSo 

[fi5R« 1 3 ] m^m^<Dn^mKmmT^nmm^Vr 

[000 1] 

■v-^-, -b^-y-. FAX i'^v'L.) rjiEfs^i^'i^e,nrcXti 
[0 0 0 2] 

t±\ ^O-r— ^^W-tr^aUT^-f «:5a«bTfeHaDE*fe 
Ot^- ^{'Ffig b /c{^fiK# t b < ti^O^-r- ic Bi bT 

[0 0 0 3] ^cx\ m^i^mtur. Himmfms. 4 

99. 2 9 A^mfmWicit, fJ^}\'f}:^'y\n^<r>'fi> 
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it^— ti'r$/^r ^rt (OS ecure Proces 

s o TicROMitLrmm^rixioKin^-ti^^ms^m-r 

- b i|r— K:3>fJS-r S / y -y ^ ^-^T* i^^* ^V* ;^ -7 0) 
*i!t:k:S'jEn-r5o MfCs "fi^-^i^tD^^x-mmLrcmB 

^Lrcmmiiumtjt)^^>sb^tix\^^^o **5> 

A ^ 7 icj^f J£-r 5^ U -y ^— (± X ^ -'I'* ^ 5 £0^ 
ji^-7!7*^/£;< t^rMffli: bTV>So 

[0 00 4] 

ft < ft 5 1 V ^ pgs*^* o fco 

[0 0 0 5] SfcTs 7'^-r'^-h4^-t/'^:/u 

[0 0 0 6] f'v':>;l/*^5rtM©:5ff'-=<'(D^^ 
*»ji^^tcfcV^TlS^Lfc'#, a3IT♦€ft^/^J: »c L 

[0 0 0 7] ^tz. ±mm5^mXHi7'i^'$' ;Vtl ;^5'm^ 

':/^^-^<^mr^i::^^r><o\tmn-^tm\^xm'Mt.<on 

^r^f^T'} •y^^-«:aiLW^ftttntffte>ftV''i:v> 
[0008] Mfc. •rv^^f/l/*p«7<0J:'5ft— )l5:i— y 
-:S?^IBSiLfc©*\ ftiftc-:3t.^T^<#l«$nTV^ft 

x-^^ftiBJ bfc®A^*'«gi:ftSCi:!{)^feS 
[0 0 0 9] Sfe, •rS^^'/l/*;><70J:-5ft— fiS^— If 



(Ditto • An#x.^^£0M«TicgiLTa#iit^nT*3e. 
tt-r5i:L*^ai'<e)nTv^ftv\ l*^u m?iiSCTm 

;l/=r 'J XA(03S«*^tB5^ 6*11:: ^<ft-3Tb*^i:v^3nI 

10 [0 0 1 0] ^^mi,tcH^(Dmmj^-.^m^r^rcii><D 

[0 0 1 1 ] 

[iiB«:)i?»i-rsfc46<D#®] :$i^itmmm^^m 
mmm.^m&my)\^:i') XL.\c^-:,x^m-^m.^fm 

[0 0 12] S/S, tfffl'J-x-3flc5^LT«5fBa*fflV^T 

PjSil<D*iT'av\ 

[0 0 1 3] MIC. its'j$ti/-dii#^5^-r, i^a2*^e>co 

- ^ cOWMm^^i^mSL L ft v^i -5 tc-r S C i: *'<T- # 5o 
[0 0 14] tfe. i!^ft< fcfe 10CDi1.g|5SEE3-K* 

IKS L . m^^mm - f j^-r § nas^M a^bSc vt l 

[0 0 15] Etc, BiJ(0|gB^i:LT. ®^(D!^8![a*iS 

fplzmiiammir:^Ctl,ci:Os ili»H-SiMg§J;t)t#?>n 
/■cjii«*^3{^A.$ nr v^ft v>jb^ if *^«liET? # 5 * '5 ic 

Mto P, ft V ^g^5^(D{^»1f «fcov>T t>^M^jiAo*'«T' 
^5J;'9tcftofco 
50 [0 0 1 6] 
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[0 0 17] 

Lfc:iBfiS7^-^'-^E«"e<Mffl-rS CT (Compute 

d Tomography) ^RT'ft«ik ttSLL/-cS^ 

if C T^B®^-&tC{i FBP (Filtered Ba 
ck Projection) 'lt\Z^^mWiW^^WiM 

[0018101 it^^^nm 1 (onmm\c%:^'r'J^ 

m^m<r>m^T j]^:^^) xk (flaj^tf r s a i: m d s * 

if) . Rr/na5K:fiEfciSffl-rsB§^T;i'rfux'A («fij^ 

(fD ES(Date Encryption Stan 
d a r d) o COD E S tti^ll^^75iC<DBf#T;l'=f 

oBg^Tyi/druxAT'tst^i&v^) , wmrf—^m^T 

yl/druXA (fiffl^LtfJ PRG) . aS(%ST;l/=f U X 
A, ;<-t'>'$ijei7'o^*-5A^*S*fif ^ROM 1 It, 

RAMI 2fc, '^f^ws^^-n^<r>w^m^\cmAt^Wi 

y yXS^^nSPKIESI^ISiN^-rS E E P R OM 1 3 

K1fS%gt*^aib/S^ii^^^t7^ I C*-F'J-^l 
4, ^rl-gP^Sl 7 f:£D)l€tcJ:S-^t)lI»5«rfT^/-c:i60 

jSffld<-h 1 6 mmf-'^'^mnT^'^^-^ i s 

i:, #«0iS»*fTt-*^o:&«fiES**ffl'#-r5 CPU 

1 9 mmLrcmm^n=?-r'-'S'ic^Wi-r^ c c d 2 
[0 0 19] ^xic. :$immmcommc-Di^rmm-r ^ 

t. ->■•\'•;'^;^^^^>*^^¥ C P U 1 9 lii^f-fT 
1 8*^P>^SiJ7*-^'%ffiJ#U en^RAMl 2fCiB1g 



-rStlRl^tCC C D 2 0*vP)»^iS»x-^'*IX»UT 

RAMI ztctsnrt-rso ^LT, mm-^nrcmm'f—S' 

^Hmr^o ^fc. EE PROM 1 3A>^->— >->xs 

>x#^*E E p ROM 1 3(ctstt-r5o aii^nfcB 
msmmii. i^as^inc^ffl-rsT^i/rfuxAicfi^ij^ttf 

[0 0 2 0] 5fe-r, fH^XHm^^^-^-^. 

R AMTgaLT(/^?.7^^^o W^mittFALSEi: 

5t•rl^gl5■t?lfSLTV^«■fe4^a.UT■^'X7"- 

^fX^#SgL, ^n*^F A L S E t^&oTV^^S^-S-fcti 
M**Stt#tt^V^o — 73TUREi::&oTV-'S^-&tC 

^ff'5i:-t^jLUx.<X'r-^fX«rF AL S Em^Mf 

So 

[0 0 2 1] i^^tc, ■^■mmWz.^^'f^WM'f—^xnnt 
30 n^-^T (ilcD:^-'^T«7'^'l''^-h^-i:>'^yU 
A^^-P'^ (X-x<y:/S 1 0 1) s «nTl.^*l.-««-&{iJ!l 

s^*?Tf ^fiK^nTv^n^f 0 1 © i c * - k i 
^ti^^=L-^'^x^mmmniw^t^ (xx-y:/s i o 

2) o CCD2 0A^P.iti'Jx-^ (SKr'-^Jf) ^SJtf 
HIC^?1'-^1 8*>e.3^a^SiJ*liJ^-r5 {.7.'rv:f 
S 1 0 3, S 1 0 4) o ^LT, 5J!#L/-cftiSiJx^— 

40 ^^-mm-^^ (X-r-^rs 1 0 5) o '^fc, EE PRO 
Ml 3 3b^?.y^-Y^-h4^- • ^r^mSEB^S • iy—^:/ 
XS^^^t#-rS (Xt^-vT'S 1 0 6) o ^t#L/c'>- 
-b-VXS^fC lifia^-erTE E P ROM 1 3lClSS^-r5 
(Xx-y:/S 1 0 7) o 5!lS?S5^cDtfiiJ7="-^tc^fe^ 
^JRtfi/-'y>XS^;SrjU!ja?nT/tfciO«:H-j|iJ1fffii: 
(X-r>yys 1 0 8) o CCDftiWIf^lcMUT-'N-y 
'>^M^H-»-r« (Xf^-yXS 1 0 9) o ti-lEL/c/N-y 

^^^^w-^-rs (X7^-yXs 1 1 0) o ±ieti-»^n 

50 /-c/N yi^afil* I C*-Kfc:«Ls 3.— yoX^-C^- 
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f--y:/s 1 1 1) o ^LT. mmmicmm<Dm^m^ 

a-t^ 11 2) o Htc, 3.— <f«?^S^ 

WM'^nt-r^ (xx-y7°s 1 1 3) o m^±.ti^-Drcm 

^5) (X-r^rS 1 1 4) o 

[0022] c(D.fc3ic, Hg^5aaitH6Rt>*te«iiit6* 

I C A- KII<D^1-gPIH1t#IS^ffiffl LT:x-if tog 

<t 5 tc-r S*if«^-S«*##bTV^:feV^H-S!l1f «^i:^1• 
g|5^BA^e7'^'•tr7.•r■t^^/^.}; 3 tc-rSi^NSA^^^o 
[0 0 2 3] #(C{^^1f^ (3lffi^^lJ. S^--^^ 

5o *OlSa3tL*l^-n{f%P.:&V>cDa. T I F F^H 

<r>m^\z. aa^T^- ^! *^ i: c e> a C * o T V > 5 

ll46Ji^/-£^®•a•^ctt^^o^6^^^ug3b^■rnT 3 c i: tc 



8 

[0 0 2 4] :^>:IC, ^-^T^fi!cJ!iatCOVT0 4St>' 

y s 2 0 1 ) . :^r— ?TA^i2SistiTv^ntfSfefiR-rSiej 

XAlCjcO^-'^T^^fiK-rS 2 0 2) o 

^LT, :tfii(;Lrc^— '^T'tiE E PROMlCie^^nS 

(XT--yrs 2 0 3) . '>:tc. 4^— -<r©o^>'^:ru -y 

7^<y7'S 2 0 4) c la 4 lc^-r<fc ^ tc. 3^a5^Mtc*5V^ 
fcjg^ns (X-ry:/S 2 0 5, S 206)o-?-LT, 

<i>mmwm9\.t e e p r o MtciBMi^ns (x-x y s 

2 0 7) o 

[0 0 2 5] sfc, thfflijssortgp^'-r-^^is^-r^.^ta 

ffiit U T V ^ ^ X -7 - K Bg-a- L T IE b n «' ^ T CO 
30 ±fB*^)5g15iJ(D J; 5 tcfi-iiJ^BA^ I C K U 

^fC£D*i^fl"70S^«:a:MT-f? 5 <}: ^ tcr S C t% 
A^^I^SE-r § fc46 fij^iJ;^ J-XT© J; o i: ^ c 

ttE3-F^«^LfcgL?S' 3b<-&f tits I CA-K{i*f5 

40 t^^^lET^^o 

[0 0 2 6] Bg^T^l'd'UXAOHif^iaSfiioi^Tti. 
50 5)4x50 <10ff!l»ctJV>Tfeff-jBISS»c«^i6 
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[0 0 2 7] ^fc±l2THiBg#T;l/rfUXAOM^i!l^ 

l\ ^(Ofc^. ftPJIt^tctiSv^Z^brfUXAOa^g 
ff/ctc-r^^Xh-zl/bfcBi^Z^l/rfUXAiCct^S 

^y-y-^v^zL— ;l/ti^J^tSP CMC I ki:2—Y-^^}l<D^o 

^ coPBio^aw^c-r > ^ :7 X — x^it^c^ ioic L 

Hg^jaao fc a6 y n -b ^y -^t ijHt fc«i&o ttiiJ^H^ 

[0 0 2 8] ±tem 1 (ojissfiRjTti:. mm7'-i^<o^\z 
(oyj^com^. mir'-^icm'¥-m^^^mi.rcmx\ 

^OII0^;^l M t> e> V >S141f ffir* o T ^ ntc 
[0 0 2 9] ^CT% J;iTtCgiB^-r^^2(D^SE^J{i. 



10 

[0 0 3 0] lg2(D*SSifi^JtCOV^TE X i f (E x c h 
angeable image file forma 
t for digital still earner 

a) (Dmmy i^-'T-j Y^m\z\^xmm-r^o 1^9 tin 
X i f cOH^7:t-v^y hcorts^^^-riaT^fe^o ^ 

^mzm-r^mnm^'&r^ e x i f if dri/g p 

10 Slfffi^lBidi-r^GP S I FD. ^MJiKc-t^^nU-r-f 
1f$B^f2a?-r^fca6tD^?^(D^$DT*fe^S e c u r i 
t y I FDi:v>^^>o;&fflitc^«L. tS*fl*r^ci: 
^^SS^J^LT^^Tt^^o ^(D^tC. Ex i f IF 
D^GPS I F DtctiftSiJ-r— ^ (xv^^^?;]/;^ ^ -^cD 

20 ^^(DiCiimtr^^mni^^'^^^x^umi^rzi^nMx^ 

I FD^GP S I ¥ D tDQr^—iof)^^EO I ^— 

(Dm^mmtLxmm'rtii,f@i\^^cticrj::i,t\ m^± 

t^E x 1 f I F D-^G PS IF DCD^^tctiin^Vh;^ 
MmX^^^^lcrs-z>X:ioK>. mti^^E x i f I F D 
CD4itcnpi>h;&3ii*nLTL^o/c^'a'. Ex if I 
FD)bUXSui:S*§ttffilc*oTL^^/-ci6. 

[0 0 3 1 ] ^j>:tc. mB-^nrc-n^^jvmmicjciLxm 
m-r^o ccxHii. -rrnc T^v^^^i/H^tij PEG (e 

X i f) y:i—'^yh\Cm^'StlX\^^^Ct^m^hX 

[0 0 3 2] (1) 5t-r. Umi^fcl^ (sEWcUrcl.^) 

40 ^-tlCO^m^X) IznVX. SHA- l-^MD 5 

ofc^N^y>'^r;l'r3UXA-r:VN^yv/^{B ^tt 
(Xf-^yT'S 1001)0 Ccoftm^n/cfil^-Y 

[0 0 3 3] (2) ^P<-v>VN'yS/iiT$»^C^^^-r 
V a 1 u eg|5i:LT$fe<D-rp<-S/VN'y 
->rLffl*itOTL VT'-t$?XU;»<>b (Tag (04^ 

TT] TgfB) . Length TLJ l?SlE) , 

Value rvj T^fB) ) ^{^fi£-r§ (X-r^y 

1 0 0 2) o cco{^^$nfcfeo*-i'><— v^>^N*yi^ 
50 ^?xUp<>hi:fq^^o 
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[00 3 4] (3) Ex \ fyrt—'^y hitciihr mi. 

<?igtC^«L/cS e c u r i t y I F DtC 9c(D^ ^ 
1 0 0 3) o 

[00 3 5] (4)Exif IFD.GPS IF 

D. S e c u r i t y IF DlC^^n^. mmMMt 

§ (X-r^y:/S 1 0 0 4) o cn^^^^yiy=L^ifV7.h 
t^So CCD/N^yi/rL^^^UXhtCtiE X i f 

I F DCDft^OllKB^'r— ^:I:^^>'^'^^ Secur 
i ty I F DC04^O><;?^ — i^>^N^y>^:i-r— ^xl^^V 

[0 0 3 6] (5) >^N^yi^rL^^*UXhtC#i6e)nfc^ 
^tcJ^JS-rSSr^-^Xl^^^htOV a 1 u eg|5 (V a 

Jfi^nrv^^V a 1 u egiS) ^liHtCSHA- 1 -^MD 5 
V ^ /j:/ N OL 7 ;l/ U Xi^ IC fjHf^ — ^ ^y it 

m^^n-r^ cxT^^y^s i 005) o ciDH-s^^n/c 

[0 0 3 7] (6) "f—^^^yiy^T&^Ct^^-r^ 

^'S-^^fflV\ Va 1 u e^tLX't(Dr'—^^^yiy:n. 

S 1 00 6) o CfDf^^^tlfc^O^-T^— ^>'N^y->iLT=' 

[0 0 3 8] (7) ^fe^^D-r— ^>'^^y v'li-ffi^. xv^^^b 

•rs (Xf-*y>^S 1 00 7) o c:cD0g#ft^n/cfecO:Sr 

[0 0 3 9] (8) -r-^^^Tfc^C^^^-r^^'S 
Va 1 u egPirbT^tDT^-^W^^Dfil^it 
OT L Vx-^xU^>b^{t^-r^ (X-r^y^S 1 0 
0 8) o COft^^n^cfcO^-r-i$?^€,'r-^xlx^ 

[0 04 0] (9) Security I F DtcJfecD-r 

-^/N'y>/jLT'-^Xlx;^>h^. 
b^^^h^jiin-r^ (X-r^y^S 1 0 0 9) o 
[0 0 4 1] (10) "ef?fe:6^ofcE X I fm^y"—^ 

[0 0 4 2] Sfffltcti:a?^Tl/>^V>*^ T I F FCOt^— 

mtc V cDfg^iB^'r ^ J: -5 -r § o 

[0 0 4 3] C<DcfcatcLTf^^^nfcll?S«##<73 
[0 0 4 4] 9cf. JPEG (E X i f ) Mmti^h, 



12 

7'-^'Si&*T'i>*^';l/:^^^0/^>^U*y^4^--T«^-r 
;g»o JPEG (E X i f ) H^:^^^. "f—^^^-jiyn.^ 
-^xb^>hcOV a 1 u egP^SDtti-r o ^^iEfflf^- 
^ 7 N >y M i: -x— N ^y iL § ^ -5 

A.:^)^tf^nTV>;g)o J PEG (Ex i f) mmti^h. 
^yv'jL^^^gxhf'-^xU^VhcDV a 1 u egP^SS^ 
m-To »y i^-ij X h tclBg^^tiTV^^ ^ if\zm 
^^•r^T'-^Xlx^^htDV a 1 u eg(5;^|lMtC^t)m 
10 /N^y i/rL7';l/rfUXAtc>bHtT>'N^y->ji{a^ft»'^ 

coeJ^^^:^'«^T^nTv>;5o j P e G (e x i f ) mmti' 

5,. >?/N>yi/:xx— ^ailx:?(>hcDV a I u egP 

^S^Offi-To J PEG (Ex i f) mmti^^. ffiSLT 
V^^a^-r-^X hU-AgI5;^5J0mL. /N^yf^^y;!/ 
rfUXA (SH A - 1-»^MD 5*^) tc;bHtT/>^y ->a. 
ffl^^I+^f §o 1^mEffl^>^-i^/N^yS^aLMi:><^-y/N 

A.^nTV^:&V^ (3(^/u^n/c:PlftE14ti®i6T{gV>) fc 
[0 0 4 5] CKDcfc-p^Sr^aStix «?S«*S«)iit?^ 

[0 0 4 6] :^4b\ ±mnmmxHt'fiy^^vio?^^^m 

[0 0 4 7] 

40 mmco^^i &.±mmLrc^o[c. ^mm^nt^£. 

[0 0 4 8] ^/c. ftSOx-^tC^^LT^JS&^^^V-T 
Its b /c«? S« ^ft«y T^- ^ ^ « tc lE^-r ^ C ^ 
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[0 0 4 9] Mfc, ttSiJSnfdllS^^-r. 5^a5A^P)<D 

- OBuJiBI«*^m L ^ V ^ * ^ tcf ^ C i: T' 1 5 „ 
[0 0 5 0] i:t 10(03^gi5^iEn-K^ 

[0 0 5 1] Ht, iii»ff?SiJ«i§ti:i:»3tf P>nfc®#lc 

«?S€,^ai6jAtJ«t?iliftf+rBiJ11i§Tlffcili^*^3f^ 

S C i: T-S?¥iS L fc C i: tc J; TH^'r- ^ 
WPmmx t S cfc 3 fC o fco 



[12 2] ^^Sgfi^Jtcfclj-^ttjHijT^-^flCjlPifr^iKiStDdii 

[0 5] *^figmfcnt2.+-'^T0^^5Q«08Sn?r 
10 ^t"7P— ^-V— hT-feSo 

[0 6] *^fig^JfCfcltS34gi5^IiE(Dai^^^t-0T'^ 

[0 9] ia#7^— v-y hcDrt^^^f 0T-*5o 
[010] :^mmf^2<DmmmK^.^m'm\mmmc 

20 [??^£Di»H^] 

11:R0M. 12:RAM, 13:EEPR0M. 1 
4 : I CA-KU-^^. 1 5 : I CA— 1 6 : ii 
1 7 : ^i.g|5^S. 1 8 : 1 9 : CP 

U. 20 : CCDs 2 1 : Bg^MSya-b-y-y-o 
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1 CPU 
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JPO and NCEPI are not responsible for any 
damages caused by the use of this translation. 

1. This document has been translated by computer. So the translation may not reflect the 
original precisely. 

2 **** shows the word which can not be translated. 
3. In the drawings, any words are not translated. 



CLAIMS 



[Claim(s)] 

[Claim l] The digital measuring machine machine which measures the physical candidate 
for measurement and is characterized by having a key generation means used for the 
electronic signature of a pubhc key cryptosystem to generate the public key and private 
key of a pair with a key generation algorithm at least, in the digital measuring machine 
machine which gives the electronic signature of a public key crj^ptosystem to the 
measurement data of the measured physical quantity, and manages measurement data. 
[Claim 2] The digital measuring machine machine according to claim 1 which records the 
electronic signature calculated using said private key to said measurement data with said 
measurement data. 

[Claim 3] The digital measuring machine machine according to claim 1 which memorizes 
the public key certificate which was signed with said private key, and which is not 
rewritable firom the exterior. 

[Claim 4] The digital measuring machine machine according to claim 1 which holds the 
sequence number which shows the measured sequence, and which is not rewritable fi-om 
the exterior, and records this sequence number with said measurement data. 
[Claim 5] The digital measuring machine machine according to claim 1 to 4 which enables 
renewal of said key generation algorithm, said electronic signature, and said sequence 
number when at least one external authorization code is held and the external 
authentication over this external authorization code is materiahzed. 

[Claim 6] The image measuring machine machine which has the characteristic quantity of 
an image as a part of image incidental information on an image data format, and is 
characterized by calculating electronic signature and storing in an image data format by 
making the calculated electronic signature into image incidental information from image 
incidental information using the private key of an image measuring machine machine in 
the image measuring machine machine which gives the electronic signature of a pubhc key 
cryptosystem to image data. 

[Claim 7] The image measuring machine machine according to claim 6 stored in the image 
data format by making into image incidental information whether to have used one 
information of the image incidental information when calculating electronic signature. 
[Claim 8] The image measuring machine machine according to claim 6 which uses the 
private key of an image measuring machine machine based on characteristic quantity, and 
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is stored in an image data format by making into image incidental information the 
electronic signature which calculated and calculated electronic signature while storing the 
characteristic quantity which calculated characteristic quantity and was calculated as 
image incidental information ahout the image incidental information containing the 
characteristic quantity of an image. 

[Claim 9] While storing the characteristic quantity which calculated characteristic 
quantity and was calculated as image incidental information about the image incidental 
information containing the characteristic quantity of an image Use the private key of an 
image measuring machine machine based on characteristic quantity, and it stores in an 
image data format by making into image incidental information the electronic signature 
which calculated and calculated electronic signature. Moreover, the image measuring 
machine machine according to claim 6 which calculates electronic signature using the 
private key stored in the enternal memory means with which the image measuring 
machine machine was equipped based on characteristic quantity, and also stores the 
electronic signature concerned in an image data format as image incidental information. 
[Claim 10] The image incidental information used in case the characteristic quantity used 
for count of electronic signature is calculated is an image measuring machine machine 
containing the serial number of image data according to claim 6 to 9. 

[Claim 11] The image incidental information used in case the characteristic quantity used 
for count of electronic signature is calculated is an image measuring machine machine 
containing the serial number of an image measuring machine machine according to claim 6 
to 9. 

[Claim 12] The image incidental information used in case the characteristic quantity used 
for count of electronic signature is calculated is an image measuring machine machine 
containing the public key used as the pair of the private key used for count of electronic 
signature according to claim 6 to 9. 

[Claim 13] The image incidental information used in case the characteristic quantity used 
for count of electronic signature is calculated is an image measuring machine machine 
according to claim 6 to 9 which contains the public key used as the pair of the private key 
used for count of electronic signature in the form of a public key certificate. 



DETAILED DESCRIPTION 



[Detailed Description of the Invention] 
[0001] 

[Field of the Invention] This invention changes into digital data the input obtained from a 
digital camera, a scanner, a sensor, FAX (modem), etc. by the detail about a digital 
measuring machine machine and an image measuring machine machine, and relates to the 
data security of the equipment which processes management, transmission, etc. to the 
digital data. 
[0002] 
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[Description of the Prior Art] Various techniques are developed, in order for informational 
electronization to progress quickly, to exchange all information mutually through a 
network or portable media as electronic data and to secure the security of the electronic 
data in recent years, the security technique of the electronic data currently generally 
examined mainly - the contents of data, such as a secrecy technique of data, an 
alteration detection technique of data, and a management (authentication is included) 
technique of the access privilege to data, " not paying one's attention - an edge " while 
there were many security techniques treated as a lump, the ED to which the contents of 
the electronic data are related for whether being the right or not from the first was seldom 
made. However, if the data from the first which are going to secure security are inaccurate, 
no semantics will be made even if it secures the security of the data, if data fi-om the first 
are electronically generated by artificial actuation firom the beginning - the contents of the 
data " the right - the implementer who created the data like a Prior art in order to have 
guaranteed things, or its data " being related " responsibiUty - **** adding the 
electronic signature of those who are etc. will be processed. 

[0003] Then, the method of storing the private key of the digital camera proper in a digital 
camera, calculating electronic signature on U.S. Pat. No. 5,499,294 specifications, as a 
conventional example, using the private key concerned to the image file photoed with the 
digita! camera, and recording on a medium with an image file is indicated. The private key 
stored in a detail at the digital camera is Secure in a digital camera. It can ROM-ize to 
Processor, can be recorded on it, and can read no longer from the exterior. Moreover, the 
pubUc key corresponding to the private key is stamped on the body of a digital camera. 
Furthermore, the parameter which shows the pubhc key and photography situation is 
printed to the periphery of the image photoed with the digital camera, and it is made to 
perform electronic signature to it to the whole image. Therefore, as for the image photoed 
with the digital camera, the certification force is heightened. In addition, the public key 
corresponding to a digital camera is premised on the manufacture manufacturer of a 
digital camera opening to the public widely. 
[0004] 

[Problem(s) to be Solved by the Invention] However, according to the above-mentioned 
conventional example, those correlation may not be clear anymore when an image file is 
moved to a personal computer etc., since the photoed image file and the electronic 
signature file which the digital camera calculated to it are separate. Therefore, it was not 
clear anymore which in spite of having performed processing which heightens the 
certification force of an image file with much trouble, is an electronic signature file, and 
there was a problem of it becoming impossible to verify the bona fides of an image file after 
all. 

[0005] Moreover, although the manufacture manufacturer of a digital camera generates 
the pair of a private key and a public key and he is trying to record on the interior of a 
camera, that the digital camera manufacture manufacturer knows the private key also had 
the problem that it was connected with reducing the certification force. 
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[0006] Furthermore, although it was preventing from changing after setting up a setup of a 
timer with a built-in digital camera at the manufacture time, it was what may naturally 
happen that a timer goes wrong gradually, and it was a problem that it cannot be reset as 
right time of day. It was a problem that record of the time of day itself becomes impossible 
to it when the lithium ion battery which is the power source of a timer goes out to it. 
[0007] Moreover, although manufacture meter is to exhibit widely all the public keys 
assigned to digital camera each in the above-mentioned conventional example, having 
considered the case where many digital cameras were manufactured very much, that only 
the part of the number exhibits a pubhc key had the problem that the pubhc key which 
complicatedness increases and corresponds out of a vast quantity of pubUc key lists in the 
case of bona-fiides verification of an image had to be discovered. 

[0008] Furthermore, since the digital instrument for general users like a digital camera 
was assumed, there were whose having recorded the data etc. and a problem that it was 
not taken into consideration at all about For example, it is because it may 

become important who measured the data especially in the case of medical- application 
metering devices, such as a CT scanner and digital endoscope equipment, (photography). 
[0009] moreover " it not being taken into consideration about an addition and exchange of 
the electronic signature algorithm inside equipment, or renewal of a key, but carrying a 
new algorithm in a new product model, since the short digital instrument of the 
comparatively cheap life cycle for general users like a digital camera is assumed - **** it 
is not stated. However, in the case of large sum digital medical equipment like a CT 
scanner, the life cycle also had the problem that it might be said that it will be long and the 
reinforcement of cryptographic algorithm will become weak relatively in an engine shorter 
than the life of equipment, for example. 

[00 10] This invention aims at offering the digital measuring machine machine and image 
measuring machine machine for solving these troubles which it is [ machine 1 and have the 
dependability and the certification force of the contents of electronic digital data 
heightened. 
[0011] 

[Means for Solving the Problem] This invention has the description in having a key 
generation means used for the electronic signature of a public key cryptosystem to 
generate the public key and private key of a pair with a key generation algorithm at least 
in the digital measuring machine machine which manages the measurement data of the 
physical quantity which measured the physical candidate for measurement, in order to 
solve said trouble. Therefore, even a manufacture manufacturer cannot know the 
generated private key. 

[0012] Moreover, it is good only at the public key corresponding to the private key used 
when a private key was not exhibited but ** also drew up a public key certificate by 
memorizing the public key certificate which cannot rewrite the electronic signature 
calculated using the private key to measurement data firom the exterior signed with 
recording with measurement data, or a private key. 
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[0013] Furthermore, the context of measurement data can be prevented from getting 
confused by holding the sequence number which shows the measured sequence and which 
is not rewritable from the exterior, and recording this sequence number with measurement 
data. 

[0014] Moreover, when at least one external authorization code is held and the external 
authentication over this external authorization code is materialized, the certification force 
of the measured data can be maintained for a long period of time by enabling renewal of a 
key generation algorithm, electronic signature, and a sequence number. 
[0015] Furthermore, it has the characteristic quantity of an image as a part of incidental 
information on an image data format as another invention. By calculating electronic 
signature using the private key of an image measuring machine machine from image 
incidental information, and carrying out additional storing into an image data format as 
image incidental information Since electronic signature is embedded in the image obtained 
from the image measuring machine machine, can verify whether the image photoed with 
the image measuring machine vessel is altered, and In case the characteristic quantity of 
an image is stored as image incidental information and electronic signature is calculated, 
it can carry out clear [ of using which image incidental information the signature was 
calculated ]. It came to be able to perform modification and an addition by having stored 
electronic signature by doing so also about the incidental information on the part without 
regards to the documentary photography of image data. 
[0016] 

[Embodiment of the Invention] It has a key generation means used for the electronic 
signature of a pubhc key cryptosystem to generate the public key and private key of a pair 
with a key generation algorithm at least. 
[0017] 

[Example] Hereafter, the example of this invention is explained based on a drawing. First, 
with the contents of electronic data, especially the measurement data of physical quantity, 
if an example is given, the reconstruction image data measured and calculated with CT 
(Computed Tomography) equipment used by the image data photoed with the digital 
camera or medicine will be mentioned. Electronic data (when crossing the data to others or 
showing it, it is thought that it will be necessary to guarantee) which will need to 
guarantee the measured physical quantity and correlation, such as data after performing 
processings (the case of a digital camera the case of a CT scanner FBP (Filtered Back 
Projection) image-reconstruction processings by law, such as compression processing of an 
image and gradation transform processing etc.) pecuhar to the metering device from the 
measured data like these data, is applicable. And even if it is equipments which generally 
are not called a metering device, such as a digital camera and a CT scanner, it is called the 
"digital measuring machine machine" from the above backgrounds. 

[0018] Drawing 1 is a block which shows the configuration of the digital measuring 
machine machine concerning the 1st example of this invention. In addition, it shall be 
explained below as a digital measuring machine machine of this example, using a digital 
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camera as an example. This example shown in this drawing is the crjrptographic 
algorithms for electronic signature (for example, RSA, MD5, etc.), and cryptographic 
algorithm (for example, DES (Date Encryption Standard).) used for external 
authentication. Although this DES is the cryptographic algorithm of a private key 
crjrptosystem, as long as it is appUcable to external authentication, the cryptographic 
algorithm of what kind of method is sufficient as it. ROM 11 which stores an image data 
compression algorithm (for example, JPRG), a random-number-generation algorithm, and 
the Maine control program, RAM12 to which the Maine control program, various 
algorithms, a private key, a sequence number, an external authentication key, etc. are 
loaded if needed, EEPROM13 which stores the private key used for the electronic 
signature of a pubhc key cryptosystem, a public key certificate (an authentication engine's 
signature and pubhc key), and a sequence number and an external authentication key. 
Record the digital image information which added a sequence number, time of day, 
electronic signature, etc. to the photoed digital photography image data. For example, the 
communication link port 16 for performing the exchange by the communication hnk with 
the IC card reader 14 and external device 17 which perform read'out/writing for the 
information concerned on IC cards 15, such as a memory card. It is constituted including 
CPU19 which performs the timer 18 which acquires time-of-day data, and various kinds of 
operations, and controls each component, and CCD20 which changes the photoed image 
into electronic data. 

[0019] Next, if actuation of this example is explained and a shutter carbon button will be 
pushed, CPU19 acquires photography image data from CCD20, and stores it in RAM12 at 
the same time it acquires time-of-day data from a timer 18 and memorizes it to RAM 12. 
And the stored image data is compressed. Moreover, the sequence number added to the 
sequence number one is stored in EEPROM13 at the same time it takes out a sequence 
number firom EEPROM13. The sequence number previously taken out at the head of the 
compressed image data and the time-of-day data acquired firom the timer 18 are added. 
And the electronic signature is added to previous image information to the done image 
information, and it stores in IC card 15 as photography information as one lump. In case a 
private key, a pubhc key certificate, a sequence number, and a time-of-day setup are 
changed, if the case where DES is used for the algorithm used for external authentication 
is taken for an example, the following procedures will perform external authentication 
processing which should be performed beforehand. 

[0020] First, a random number is generated inside and the random number is sent out to 
an external device. It compares with the code which enciphered the authorization code 
with reception from the external device, and enciphered the random number generated 
previously with the external authentication key. It supposes that external authentication 
was materiahzed when those codes were in agreement, and is the security status (flag 
which has managed this by RAM.), an initial state - FALSE - carrying out - it changes 
into TRUE. With reference to the security status first managed inside when modification of 
a private key, a pubhc key certificate, a sequence number, and a time-of"day setup is 
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required from the exterior, when it serves as FALSE, a demand is not received. On the 
other hand, when it is TURE, a demand is received, and processing according to the 
demand is performed. Processing changes the security status into FALSE. 
[0021] Next, it explains below that processing flows to the measurement data in this 
example. First, it investigates whether the key pair (this key pair is a pair of a private key 
and a public key) of equipment is already generated (step SlOl), when not carried out, 
processing is ended, but if generated, a user public key certificate will be acquired from IC 
card 15 of drawing 1 (step S102). Measurement data (photography data) are acquired from 
CCD20, and current time is further acquired from a timer 18 (steps S103 and S104). And 
conversion to processing required for the acquired measurement data, for example, 
compression, CT image reconstruction, and a standard data format etc. is performed, and 
measurement data [ finishing / processing ] are acquired (step S105). Next, a private key, a 
public key certificate, and a sequence number are acquired fi-om EEPROM13 (step S106). 
One **** is made the acquired sequence number and it stores in EEPROM13 (step S107). 
Let the thing which was having current time and a sequence number added to 
measurement data [ finishing / processing ] be measurement information (step S108). A 
hash value is calculated to this measurement information (step S109). It is enciphered by 
the private key and the calculated hash value calculates the electronic signature of 
equipment (step SI 10). The user electronic signature which enciphered the hash value by 
which count was carried out [ above-mentioned ] by the private key of delivery and a user 
to the IC card is acquired (step Sill). And the electronic signature and pubHc key 
certificate of equipment are added to measurement information, and it considers as 
measurement information [ finishing / the signature of equipment 1 (step SI 12). 
Furthermore, user electronic signature and a user pubUc key certificate are added, and it 
considers as the signed measurement information of equipment and a user (step SI 13). It 
records on a mass external record medium by considering done signed measurement 
information as a file (step Si 14 (or it sends out to an external device firom the 
communication link port 16)). 

[0022] Thus, a signature of a user is generated using enternal memory means, such as an 
IC card with a code processing facility and a memory storage function, and the metering 
device itself is not attesting the user only by having given the signed measurement 
information on equipment with a user's pubUc key certificate. If signed measurement 
information is verified, although the user would be whom or this will carry out "later" 
authentication, since it is made, there is. On the other hand, as long as the metering device 
itself can attest a user beforehand, you may be other approaches, a user is attested for a 
metering device, as long as it is clear and is, a user name may only be given to processed 
measurement data with a sequence number etc., and electronic signature processing may 
be performed. When not using an IC card, a metering device does not need to carry the IC 
card reader 14. It assumes that the serial number of equipment, the manufacture meter 
name, etc. are indicated by the public key certificate of equipment, and the user name 
which can specify a user as a user's public key certificate, affiliation, etc. are indicated. 
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About the public key certificate of equipment, equipment is enabled to send out outside 
according to the demand firom the outside. Moreover, in this example, although electronic 
signature is immediately created after creating measurement information, since 
computation time starts creation of electronic signature, un-arranging may arise to 
measure continuously. Then, the created measurement information is recorded on mass 
external storage as it is, and before sending out outside later, or before it removes a mass 
storage medium from measurement information, you may make it create and give 
electronic signature. In that case, it is necessary to prevent from accessing the 
measurement information which has not given electronic signature -* mass external 
storage prevents from removing firom the body of a metering device etc. - firom an external 
device until it gives electronic signature. 

[0023] Moreover, although he is trying to only add incidental information (current time, a 
sequence number, public key certificate, etc.) behind processed measurement data, since 
the data of arbitration can be embedded as an image data format, for example in the case 
of a JPEG image, these incidental information is also recordable on the part using it. By 
doing so, though it is the file where electronic signature was embedded, it also becomes 
possible for the existing image display program etc. to process. Since that it must be 
careful in that case has the absolute location for where image data has begun from as a tag 
in the case of TIFF etc., when electronic signature is embedded, the^absolute location will 
shift. Then, in order to avoid such a problem, as shown in drawing 3 , only the part which 
embeds electronic signature beforehand secures a field, and the field is fill uped with the 
value decided beforehand, calculates a hash value to the whole data on it, and generates 
electronic signature. And it is also possible to embed the generated electronic signature to 
the field secured beforehand. Before performing data measurement, key pair generation 
processing must be performed beforehand. For example, a metering-device manufacture 
manufacturer performs this processing before shipment at works. 

[0024] Next, it investigates whether the key pair is already recorded on EEPROM of a 
measuring machine machine (step S201), and if key pair generation processing is 
explained based on drawing 4 and drawing 5 , since it is not necessary to generate if the 
key pair is recorded, processing will be ended. On the other hand, if the key pair is not 
recorded, as shown in drawing 4 , a key generation algorithm will generate a key pair (step 
S202). And the generated key pair is recorded on EEPROM (step S203). Next, a public key 
is transmitted to an external device through a communication Hnk port among key pairs 
(step S204). As shown in drawing 4 , in an external device, a pubUc key certificate is drawn 
up to a public key, and the public key certificate concerned is passed to a digital measuring 
machine machine through a communication link port (steps S205 and S206). And a pubhc 
key certificate is recorded on EEPROM (step S207). 

[0025] Moreover, if the processing which sets up the internal timer of a metering device is 
said in an easy example, a keypad will be attached in a metering device, a password is 
entered from a keypad, and if a metering device collates with the password currently held 
inside and is right, how to permit setting modification of a timer can be considered. Since 
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the metering device carries IC card reader like above-mentioned this example in others, it 
is also thought of that a specific IC card enables it to change a setup of a timer only into an 
insertion ********** case. In order for being inserted to verify whether it is a specific IC 
card, the following approaches can he taken, for example. As shown in drawing 6 , a 
measuring machine machine manufacturer's pubUc key is beforehand stored in the interior 
of a metering device. And if the random number which the metering device generated first, 
and random-number [ which decoded the authorization code from an IC card ]' are in 
agreement, the IC card will have a secret key and it can attest that it is a specific code. 
[0026] About an update process of cryptographic algorithm, if setting processing of a timer 
explains, for example, what enables it to receive a new code processing program through a 
communication link port only to the midst which is inserting the specific IC card can be 
considered. Or if a manufacture manufacturer's electronic signature is given to a code 
processing program and a metering device is passed as shown in drawing 7 , how to use 
[ for a metering device to verify the electronic signature, to store the code processing 
program in an internal* storage medium, if it is verifiable that it is right electronic 
signature, and ] it for cipher processing will also be considered. Also in this example, it 
assumes having held a manufacture manufacturer's public key beforehand to the metering 
device. It assumes that the algorithm which calculates a hash value, the algorithm which 
generates a key pair, and the algorithm to encipher and the algorithm to decode are 
contained in a code processing program. 

[0027] Moreover, although stated as an update process of cryptographic algorithm above, it 
does not update about cryptographic algorithm but only an addition may not be made to be 
not possible. Although what has reinforcement high with the crj^tographic algorithm 
registered later being natural should be used, when an old code processing program is 
brought and someone installs in a metering device unjustly, it can prevent the certification 
force of a metering device in which the newest code processing program is already carried 
dechning. It does not come out so much and possibiUty that a defect will be found in the 
newest cryptographic algorithm is large compared with an old algorithm. Therefore, you 
may make it give both the electronic signature of an old algorithm, and the electronic 
signature by the newly installed cryptographic algorithm to measurement information. 
Moreover, about cryptographic algorithm, since a new algorithm has large possibility of 
needing computational complexity more, it may be made to replace the processor which 
performs not exchange but the code processing program as a code processing program. In 
that case, although a cipher-processing processor needs to attest whether it is what was 
made by the just manufacture manufacturer, the structure can apply the completely same 
processing as the processing which verifies previously whether it is a specific IC card. A 
cipher-processing processor module can consider the gestalt of a PCMCIA card etc. Or the 
physical interface between a cipher-processing processor and a metering device may be 
made special, or approaches, such as making special the protocol between the processor of 
a metering device and a cipher-processing processor, and making it secret, may be taken. 
In such a case, it is not necessary to attest a cipher-processing processor. Detailed 
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explanation is omitted although the configuration of the metering device at the time of 
dividing into the processor of a metering device and the processor for cipher processing 
becomes like drawing 8 . 

[0028] In the 1st example of the above, the field which stores electronic signature in 
measurement data was reserved, the digital measuring machine machine calculated 
electronic signature to the whole measurement data in the condition of having carried out 
NULL padding of the part beforehand, and the approach of storing the electronic signature 
in the previous reservation field was taken. There was a problem to come to store other 
information, for example, a comment etc., in measurement data further, after storing 
electronic signature in measurement data in the case of this approach. That is, even if it 
was the attribute information without regards to the certification force of measurement 
data, when it added other attribute information to measurement data later, or 
modification was added to it, it may have become data with which the measurement data 
itself differ, and verification of electronic signature may have become impossible. 
[0029] Then, the 2nd example explained below is clarifying the object which calculated 
electronic signature, and also when it adds another attribute information later, it enables 
verification of electronic signature. 

[0030] About the 2nd example, the graphics format of Exif (Exchangeable image file format 
for digital still camera) is made into an example, and is explained. Drawing 9 is drawing 
showing the contents of the graphics format of Exif. In addition, the attribute information 
on electronic signature and its electronic signature is Exif which describes the information 
about image photography conditions. Security which is the assembly of the tag for 
describing security information to GPSIFD and juxtaposition which describe IFD and GPS 
information It considers defining a thing called IFD uniquely and storing it as an example. 
In that case, it is Exif. IFD and GPS Information which is helpful for raising the 
certification force of measurement data (the case of a digital camera digital photography 
data) to IFD, For example, since the information in connection with measurement 
conditions, such as the date and a photography location, is included, This information is 
information to protect by electronic signature so that it may not be altered, and it is an 
object to protect also about the information which is needed for reproducing it with the 
body of measurement data itself with a natural thing. I want to specifically protect to a 
DQT marker to an EOI marker's this side. Therefore, Exif Although what is necessary will 
be just to manage that it is the electronic signature attached even to an EOI marker firom 
IFD, GPSIFD, and a DQT marker as attribute information on electronic signature A 
specification top is ExiflFD and GPS. A comment can be recorded now into IFD. From after 
to Exif It is Exif when the comment has been added into IFD. Since IFD will be in the 
condition of differing fi:om before, verification of electronic signature will become 
impossible. Then, the information which specifies the data used when calculating 
electronic signature is recorded as attribute information on electronic signature. 
[0031] Next, the procedure which gives electronic signature to the photoed digital image is 
explained below based on drawing 10 . Here, it has already assumed that the digital image 
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is changed into the JPEG (Exifi format. 

[0032] (l) Calculate a hash value (characteristic quantity) by hash algorithms, such as 
SHA-1 and MD5, to an image data stream (I want to make it proofi to protect first (step 
SlOOl). (to for example, a DQT marker to an EOI marker's this side) This calculated value 
is called an image hash value. 

[0033] (2) Create the TLV data element (Tag (it writes by "T] among drawing), Length (it 
writes by "L" among drawing), Value (it writes by "V" among drawing)) which has a 
previous image hash value as a Value section using the tag number which shows that it is 
an image hash (step S 1002). This created thing is called an image hash data element. 
[0034] (3) Add a previous image hash data element to SecuritylFD newly defined uniquely 
to the Exif format (step S1003). 

[0035] (4) Exif IFD, GPS IFD, Security The list of tags of the data element which is helpful 
as documentary photography included in IFD is created (step S1004). This is called a hash 
tag list. In addition, in this hash tag list, it is Exif. The photography time data element in 
IFD, and Security The image hash data element in IFD, a photography person data 
element, etc. will be contained. 

[0036] (5) Calculate one hash value by applying the Value section (the Value section stored 
in the somewhere else when the Value section is over 4 bytes and the original Value section 
is recorded on somewhere else) of each data element corresponding to the tag included in 
the hash tag list to order at hash algorithms, such as SHA-1 and MD5, (step S1005). This 
calculated value is called a data hash value. 

[0037] (6) Create the TLV data element which has the data hash value as a Value section 
using the tag number which shows that it is a data hash (step S1006). This created thing is 
called a data hash data element. 

[0038] (7) Encipher a previous data hash value by the private key in the internal* storage 
medium of a digital camera (step S1007). This enciphered thing is called a data signature. 
[0039] (8) Create the TLV data element which has the value of the data signature as a 
Value section using the tag number which shows that it is a data signature (step S1008). 
This created thing is called a data signature data element. 

[0040] (9) Security A previous data hash data element and a previous data signature data 
element are added to IFD (step S1009). 

[0041] (10) The done Exif image data is recorded on the mass storage medium of a digital 
camera. 

[0042] Like the data description approach of TIFF, although not stated to a detail, when 
the part of V of TLV exceeds 4 bytes (a hash value etc. is about 8 bytes), the offset pointer 
which points somewhere else out to V is recorded, and the value of V is recorded on the 
somewhere else. 

[0043] Thus, the image of the created digital camera with electronic signature can verify 
the bona fides with the following procedure. 

[0044] First, the Value section of a data signature data element is taken out from a JPEG 
(Exid image. A data signature is decoded by the public key of a digital camera. The Value 
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section of a data hash data element is taken out from a JPEG (ExiO image. It checks 
whether the data hash value for verification and a data hash value are in agreement, if not 
in agreement " image data - what - it is •* the alteration is performed. The Value section 
of a hash tag list data element is taken out from a JPEG (Exifi image. A hash value is 
calculated by taking out in order the Value section of the data element applicable to the tag 
currently recorded on the hash tag list, and applying to a hash algorithm. It checks 
whether a re -calculation hash value and a previous hash value are in agreement, if not in 
agreement ■■ image data -- what it is the alteration is performed. The Value section of 
an image hash data element is taken out from a JPEG (Exi0 image. A hash value is 
calculated by taking out the protected image data stream section from a JPEG (ExrO image, 
and applying to hash algorithms (SHA-1, MD5, etc.). It checks whether the image hash 
value for verification and an image hash value are in agreement, if not in agreement - 
image data " what " it is the alteration is performed. If abnormalities are not found in 
the above processing, since image data is not altered (possibility of having been altered is 
very low), it can be judged that bona fides are secured. 

[0045] Such processing can also take the approach of decoding the data signature currently 
conversely embedded at image data in the part which calculates a hash value etc. later on 
and finally enciphers the same procedure as embedding electronic signature with a natural 
thing although the way of having followed conversely the procedure at the time of 
embedding electronic signature is carried out by the private key by the public key, and 
comparing a data hash value. 

[0046] In addition, although the above-mentioned example explained the digital camera as 
an example, it cannot be overemphasized that it is applicable also to the image data 
obtained with the image processing system like the image data transmitted and received 
by image data or FAX optically read with image reading means, such as a scanner. 
Furthermore, this invention is not limited to the above-mentioned example, and if it is the 
publication in a patent claim, neither deformation of a variety nor a replaceable thing can 
be overemphasized. 
[0047] 

[Effect of the Invention] As explained above, according to this invention, the description is 
in the digital measuring machine machine which manages the measurement data of the 
physical quantity which measured the physical candidate for measurement to have a key 
generation means used for the electronic signature of a public key cryptosystem to 
generate the public key and private key of a pair with a key generation algorithm at least. 
Therefore, even a manufacture manufacturer cannot know the generated private key. 
[0048] Moreover, it is good only at the public key corresponding to the private key used 
when a private key was not exhibited but ** also drew up a public key certificate by 
memorizing the public key certificate which cannot rewrite the electronic signature 
calculated using the private key to measurement data from the exterior signed with 
recording with measurement data, or a private key. 

[0049] Furthermore, the context of measurement data can be prevented from getting 
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confused by holding the sequence number which shows the measured sequence and which 
is not rewritable from the exterior, and recording this sequence number with measurement 
data. 

[0050] Moreover, when at least one external authorization code is held and the external 
authentication over this external authorization code is materialized, the certification force 
of the measured data can be maintained for a long period of time by enabling renewal of a 
key generation algorithm, electronic signature, and a sequence number. 
[0051] Furthermore, since electronic signature is embedded in the image obtained with the 
image measuring machine vessel, it can verify whether the image obtained with the image 
measuring machine vessel is altered. In that case, when electronic signature is stored in a 
digital image, and the digital image itself stored electronic signature, it ma:y change. It also 
becomes impossible moreover, to add image incidental information afterwards. In order to 
prevent it, when the characteristic quantity of the image "data stream section of an image 
was stored as image incidental information and electronic signature was calculated, it 
clarified using which image incidental information the signature was calculated. It came to 
be able to perform modification and an addition by having stored electronic signature by 
doing so also about the incidental information on the part without regards to the 
documentary photography of image data. 

DESCRIPTION OF DRAWINGS 



[Brief Description of the Drawings] 

[Drawing l] It is the block diagram showing the outline of the configuration of the digital 
measuring machine machine concerning the 1st example of this invention. 
[Drawing 2] It is the flow chart which shows the flow of the processing to the measurement 
data in this example. 

[Drawing 3] It is drawing showing the situation of storing of the electronic signature in 
this example. 

[Drawing 4] It is drawing showing the situation of the key pair generation processing in 
this example. 

[Drawing 5] It is the flow chart which shows the flow of generation processing of the key 
pair in this example. 

[Drawing 6] It is drawing showing the situation of the external authentication in this 
example. 

[Drawing 7] It is drawing showing the situation of an update process of the cryptographic 
algorithm in this example. 

[Drawing 8] It is the block diagram showing the configuration of the example which added 

the cipher-processing processor which can be replaced. 

[Drawing 9] It is drawing showing the contents of the graphics format. 

[Drawing 10] It is drawing showing the situation of the storing procedure of the electronic 

signature in the image measuring machine machine concerning the 2nd example of this 
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invention. 

[Description of Notationsl 

ll:ROM, 12:RAM, 13:EEPROM, 14:IC card reader 15:AnIC card, 16:communication link 
port, 17 ^external device, IS^timer, 19-CPU, 20'CCD, 2 l^cipher-processing processor. 
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